Showing results for 
Search instead for 
Did you mean: 

3750x DHCP issues


Hi all,

I ran into a weird issue while making some network changes last night.  We have a 3750x connected to a firewall on a flat network, devices on Vlan1 get an IP from the firewall and everything works fine.  Last night I created a new vlan to connect the switch and firewall together, Vlan 100, and left all other devices on vlan 1.  After this change DHCP would not work for any device on Vlan1, regardless if I had the pool on the firewall and use an IP Helper on the vlan interface or if I set up a local DHCP pool on the switch. 


We have a few other vlans on the switch, if I moved any vlan 1 port to another vlan and shut/no shut the port the device would pull an IP from the firewall no issues.  I even attempted to shut down vlan 1, move it's whole network to a new vlan I created and assign ports to the new vlan.  I ran debugs on dhcp events, I would see messages like this:

cisco DHCPD: no subnet configured for (this network doesn't exist anywhere, no idea where this IP came from)



Another odd thing I noticed is very rarely some device would get an IP if the pool was on the switch, but the lease was always set to expire in 5min, no matter what lease time I configured on the pool.

10 Replies 10

VIP Community Legend VIP Community Legend
VIP Community Legend

can you post the configuraiton of switch show run and also what FW is this ?


suggest to clear ARP and test again.




***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


Here is the switch config on firmware c3750e-universalk9-mz.150-2.SE11.bin:


ip routing
no ip cef optimize neighbor resolution
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp pool VOICE

ip dhcp pool SECURITY


spanning-tree mode pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig (STP)
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery cause psp
errdisable recovery interval 30
vlan internal allocation policy ascending
lldp run

interface Vlan1
ip address
interface Vlan6
description Voice
ip address
interface Vlan100
ip address
interface Vlan220
description Security
ip address
interface Vlan997
ip address
ip helper-address
router ospf 1
redistribute connected subnets
network area 0
network area 0
network area 0
network area 0
ip http server
ip http secure-server
ip sla enable reaction-alerts


line con 0
line vty 0 4
exec-timeout 0 0
password 7 04760C0B0825401C04
length 0
history size 256
transport input telnet ssh
line vty 5 15
password 7 07222641490D15571A
ntp server
ntp server
ntp peer


Is that an ASA dishing out the DHCP addresses ?

It's actually a sonicwall firewall.  We have this same layout at multiple sites, this is the first one to have this kind of behavior.  All other networks seem to function right, but when I put the stub network between the switch and firewall the 192.168.22.x network will not process DHCP request regardless where the pool is.  Other networks behave fine. 



what is the physical port connecting the 3750x to the SonicWall configured like ? 

You dont say how the fw and the 3750 are physically connected, routed port, routed svi, or trunk.
Is the Fw running OSPF or do you have static routes pertaining to vlan 1 on there.

Suggest remove dhcp from the 3750 as the Fw is servicing dhcp, and also the helper address from vlan 997 

Lastly looking at your ospf stanza as you are locally advertising the connected interfaces so not sure why you are redistributing them also and i dont see a network statement of vlan 997 either.


Post the following from the 3750:
sh ip protocols
sh ip ospf neighbors
sh ip ospf inter brief
sh ip arp
sh ip route

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards

So the switch had to be reverted to the flat network, but below is the output.  The firewall and switch are connected via routed SVI, the switch and firewall are OSPF peers.  We often use "redistribute connected subnets" incase a new network is added and someone forgets to update the OSPF route statements, as is the case with vlan 997 here.  It really feels like this is a bug in the switch IOS because everything else works, until leases expire 192.168.22.xx has full network and internet access, all other subnets can get DHCP regardless of the DHCP server location.  It's just an issue with network 192.168.22.x getting DHCP.


sh ip prot
*** IP Routing is NSF aware ***

Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID
It is an autonomous system boundary router
Redistributing External Routes from,
connected, includes subnets in redistribution
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks: area 0 area 0 area 0 area 0
Routing Information Sources:
Gateway Distance Last Update 110 19:51:33
Distance: (default is 110)



sh ip ospf neigh

Neighbor ID Pri State Dead Time Address Interface 1 FULL/BDR 00:00:35 Vlan1



sh ip ospf int brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Vl1 1 0 1 DR 1/1
Vl220 1 0 1 DR 0/0
Vl100 1 0 1 DR 0/0
Vl6 1 0 1 DR 0/0


sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet - 00da.55bd.8941 ARPA Vlan6
Internet 0 805e.c04f.0671 ARPA Vlan6
Internet 0 805e.c056.aa32 ARPA Vlan6
Internet 0 805e.c056.b672 ARPA Vlan6
Internet 0 805e.c056.ab90 ARPA Vlan6
Internet 0 805e.c056.aec5 ARPA Vlan6
Internet 0 805e.c056.aa04 ARPA Vlan6
Internet 0 805e.c056.b2da ARPA Vlan6
Internet 0 805e.c02f.bf1b ARPA Vlan6
Internet 0 805e.c052.3e23 ARPA Vlan6
Internet 1 805e.c056.aa1f ARPA Vlan6
Internet 1 805e.c056.b586 ARPA Vlan6
Internet 0 805e.c052.2fdd ARPA Vlan6
Internet 0 805e.c056.b41f ARPA Vlan6
Internet 0 805e.c056.aacc ARPA Vlan6
Internet 0 805e.c056.b2be ARPA Vlan6
Internet 0 805e.c056.ac45 ARPA Vlan6
Internet 0 805e.c056.b5f1 ARPA Vlan6
Internet 1 805e.c052.8ec0 ARPA Vlan6
Internet 0 805e.c056.abeb ARPA Vlan6
Internet 0 805e.c056.aa2e ARPA Vlan6
Protocol Address Age (min) Hardware Addr Type Interface
Internet 0 2829.860d.2ac7 ARPA Vlan6
Internet 0 0015.65b4.5dd8 ARPA Vlan6
Internet 0 805e.c056.a96f ARPA Vlan6
Internet 0 0015.65ac.58b0 ARPA Vlan6
Internet - 00da.55bd.8942 ARPA Vlan100
Internet 0 Incomplete ARPA
Internet 201 2c01.b56a.5020 ARPA Vlan100
Internet 201 2c01.b56a.394c ARPA Vlan100
Internet 201 2c01.b56a.44e2 ARPA Vlan100
Internet 201 2c01.b56a.505c ARPA Vlan100
Internet 0 Incomplete ARPA
Internet - 00da.55bd.8943 ARPA Vlan220
Internet 58 b42e.993a.1e8b ARPA Vlan220
Internet 56 b42e.9937.96d2 ARPA Vlan220
Internet 0 4447.cca6.befd ARPA Vlan220
Internet 1 142f.fd14.2934 ARPA Vlan220
Internet 0 4447.cca6.bfa0 ARPA Vlan220
Internet 1 142f.fd14.2344 ARPA Vlan220
Internet 1 142f.fd14.241d ARPA Vlan220
Internet 1 142f.fd14.2445 ARPA Vlan220
Internet 1 142f.fd14.2466 ARPA Vlan220
Internet 1 142f.fd14.23cc ARPA Vlan220
Protocol Address Age (min) Hardware Addr Type Interface
Internet 1 142f.fd14.2415 ARPA Vlan220
Internet 1 142f.fd14.2418 ARPA Vlan220
Internet 1 142f.fd14.244a ARPA Vlan220
Internet 1 142f.fd14.2767 ARPA Vlan220
Internet 1 142f.fd14.2406 ARPA Vlan220
Internet 1 142f.fd14.2440 ARPA Vlan220
Internet 1 142f.fd14.2434 ARPA Vlan220
Internet 1 142f.fd14.2425 ARPA Vlan220
Internet 1 142f.fd14.240f ARPA Vlan220
Internet 1 142f.fd14.2420 ARPA Vlan220
Internet 1 142f.fd14.24e0 ARPA Vlan220
Internet 1 142f.fd14.2423 ARPA Vlan220
Internet 1 142f.fd14.246d ARPA Vlan220
Internet 1 142f.fd14.2624 ARPA Vlan220
Internet 1 142f.fd14.243d ARPA Vlan220
Internet 1 142f.fd14.2428 ARPA Vlan220
Internet 1 142f.fd14.2435 ARPA Vlan220
Internet 1 142f.fd14.2458 ARPA Vlan220
Internet 1 142f.fd14.242b ARPA Vlan220
Internet 1 142f.fd14.2422 ARPA Vlan220
Internet 1 142f.fd14.241f ARPA Vlan220
Internet 1 142f.fd14.24df ARPA Vlan220
Protocol Address Age (min) Hardware Addr Type Interface
Internet 0 1c82.5910.2098 ARPA Vlan220
Internet 1 142f.fd14.241c ARPA Vlan220
Internet 1 4447.cc6e.d8e3 ARPA Vlan220
Internet 1 4447.cc6e.d4e9 ARPA Vlan220
Internet 1 142f.fd14.2622 ARPA Vlan220
Internet 1 142f.fd14.2664 ARPA Vlan220
Internet 1 142f.fd14.2649 ARPA Vlan220
Internet 1 142f.fd14.2419 ARPA Vlan220
Internet 32 b8a4.4f0a.15fb ARPA Vlan220
Internet 1 142f.fd14.27e1 ARPA Vlan220
Internet 1 686d.bc45.73dc ARPA Vlan220
Internet 1 142f.fd14.2921 ARPA Vlan220
Internet - 00da.55bd.8940 ARPA Vlan1
Internet 3 9cc0.7700.a80a ARPA Vlan1
Internet 0 1ab1.69b3.730c ARPA Vlan1
Internet - 00da.55bd.8944 ARPA Vlan997



sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is to network

O*E2 [110/10] via, 19:56:14, Vlan1 is variably subnetted, 6 subnets, 2 masks
C is directly connected, Vlan6
L is directly connected, Vlan6
C is directly connected, Vlan100
L is directly connected, Vlan100
C is directly connected, Vlan220
L is directly connected, Vlan220 is subnetted, 1 subnets
O E2 [110/20] via, 19:56:14, Vlan1 is variably subnetted, 2 subnets, 2 masks
C is directly connected, Vlan1
L is directly connected, Vlan1 is variably subnetted, 2 subnets, 2 masks
C is directly connected, Vlan997
L is directly connected, Vlan997



The Cisco Suggested image is Catalyst 3750 Series Switch -Release 12.2.55-SE12 MD



VIP Community Legend VIP Community Legend
VIP Community Legend

Not sure what is the point here, since this was an old thread.


That is cisco suggested on 12.X Code ( that is the final version Cisco released before end of support), there is no harm going to 15.X version which the device has already?


Here is the switch config on firmware c3750e-universalk9-mz.150-2.SE11.bin.




***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

This issue remains unsolved.  I had to drop the plans to change the network until we get someone on site.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers